# 📋 Audit Report Template

> **Pack:** Shield (GRC Audit) — Shared Templates
> **Purpose:** Standardized compliance audit report format
> **Version:** 1.0.0

---

## Compliance Audit Report

### Cover Page

| Field | Value |
|-------|-------|
| **Report Title** | [Framework] Compliance Audit Report |
| **Organization** | [NAME] |
| **Framework(s)** | [FRAMEWORK VERSION] |
| **Audit Type** | Internal / External / AI-Assisted |
| **Scope** | [Description of audit scope] |
| **Period** | [Start Date] to [End Date] |
| **Report Date** | [DATE] |
| **Prepared by** | [NAME] |
| **Classification** | Confidential |

---

### 1. Executive Summary

**Overall Compliance Posture:** 🔴 Non-Compliant / 🟡 Partially Compliant / 🟢 Compliant

**Key Findings:**
- X critical findings requiring immediate action
- X high-priority gaps requiring remediation within 30 days
- X medium-priority improvements recommended
- X low-priority best-practice suggestions

---

### 2. Scope & Methodology

**In Scope:**
- [Systems, applications, data stores]
- [Processes, departments, locations]
- [Data types covered]

**Out of Scope:**
- [Excluded items with justification]

**Methodology:**
- [Audit standard used]
- [Evidence collection methods]
- [Sampling approach if applicable]

---

### 3. Findings

| # | Severity | Reference | Finding | Risk | Recommendation | Owner | Due Date |
|---|----------|-----------|---------|------|----------------|-------|----------|
| 1 | 🔴 Critical | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
| 2 | 🟡 High | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
| 3 | 🟢 Medium | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |

**Severity Definitions:**
- 🔴 **Critical**: Direct regulatory violation, immediate penalty risk
- 🟡 **High**: Significant compliance gap, requires near-term remediation
- 🟢 **Medium**: Best practice improvement, no immediate violation risk
- ⚪ **Low**: Enhancement opportunity, industry best practice

---

### 4. Compliance Summary by Domain

| Domain | Controls Tested | Compliant | Partial | Non-Compliant | Score |
|--------|----------------|-----------|---------|---------------|-------|
| [Domain 1] | X | X | X | X | X% |
| [Domain 2] | X | X | X | X | X% |
| **Total** | **X** | **X** | **X** | **X** | **X%** |

---

### 5. Recommendations & Remediation Plan

| Priority | Action | Framework Ref | Effort | Timeline | Dependencies |
|----------|--------|--------------|--------|----------|-------------|
| 1 | [Action] | [Ref] | [Est.] | [When] | [What] |

---

### 6. Appendices

- **A**: Evidence inventory
- **B**: Detailed control testing results
- **C**: Interview/assessment notes
- **D**: Previous audit comparison (if applicable)

---

### Document Control

| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | [Date] | [Name] | Initial audit report |
